OpenSSL needs updating for Common Criteria certification

We are currently beginning the process of Common Criteria certification of our SLES 12 SP2 product.

It has come to our attention that the current version of OpenSSL, v1.0.2j-60.11.2, is currently using RSA for key encapsulation (used as part of TLS) that will be non-approved starting in 2018. See section 6 of http://nvlpubs.nist.gov/nistpubs/Spe...800-131Ar1.pdf. Starting in 2018, this needs to be as per SP 800-56B or else it will not be allowed.

As per the SLES 12 OpenSSL Security Policy (https://csrc.nist.gov/CSRC/media/pro.../140sp2435.pdf), Table 4 indicates that it is using RSA for key-wrapping using non-compliant schemes, which is allowed till 12/31/2017.
Starting in 2018, RSA used for key-wrapping should be implemented as per the SP 800-56B key transport scheme.

I would like to know when SUSE plans to update the RSA key encapsulation for OpenSSL provided by SLES 12 SP2.